Before we proceed to the concept of PE File Format, which describes the internal structure of all Windows executable files, one should also know the concepts of Virtual Address (VA), Relative Virtual Address (RVA) and Offsets as these would be the foundation in helping you to understand the technical parts of the PE file format. …
Earlier, I wrote a post on “Understanding PE Structure – The Layman’s Way” and this one is a continuation to that post. I highly recommend my readers to go through that post, where I have gone detailed into the PE file format, before jumping onto this article. Since the earlier post was already too long …
For the past couple of months, I thought of implementing an internal Sandbox for my organization as you cannot rely totally on other community-based sandboxes available on the internet like Hybrid Analysis, Joe Sandbox, Reverse It, etc… Though they give you the best results, very much need arises to have an internal sandbox in your …
Hello readers! In this article, we will look at the PE Header which is very much important in understanding the internal part of an executable file. Once you have an overall idea about what’s inside the executable file and how that executable file works in Windows it will then become easy for you to analyze …
Hi readers! The agenda of this article is to give a brief overview of the registry keys and the ways malware authors use in order to achieve persistence so as to evade detection by traditional security technology. Malware often uses the registry for persistence or configuration data. And as soon as the malware gets inside …